John Clark Motor Group Privacy Policy
8th April 2026
1) Who we are and how to contact usFor all customer-facing activities across our group, the data controller is John Clark (Holdings) Limited (Company No. SC098411), Alliance Centre, Greenwell Road, Aberdeen, AB12 3AX. You can contact us at crm@john-clark.co.uk. This notice applies to all of our UK trading names and subsidiaries. John Clark (Holdings) Limited is responsible for deciding how and why your personal data is used.
2) When this notice applies and how it links to our websitesThis notice applies when you visit our websites (including
www.john-clark.co.uk and sub-domains), contact us by phone or online (including social media/live chat), visit our dealerships, request information, make a purchase or use aftersales services.
We process your data as described in this notice. We rely on contract, legal obligation or legitimate interests for most operational activities and use consent only where the law requires it or where the activity is genuinely optional (for example, certain email/short message service (SMS) marketing and non-essential cookies).
For information about cookies, please see our Cookie Notice (Section 7).
3) What personal data we collectDepending on your interactions with us we may process:
- identification and contact details
- date of birth
- vehicle details (registration, vehicle identification number, service/mileage/warranty data)
- transaction and ownership records
- service/MOT history
- communications and preferences
- payment details (we do not retain full card primary account number/card verification code)
- call recordings (for training/dispute resolution)
- live-chat records
- IP address and device/browser details (see Cookie Notice)
- marketing interactions
Special-category data. We do not routinely collect special-category data. If a particular scheme (for example, Motability) or a vulnerability flag requires it, we will obtain your explicit consent or rely on another applicable condition and apply additional safeguards.
Criminal-offence data. We do not record endorsements or conviction data from your driving licence. If we must share keeper/driver details with authorities or private enforcement bodies in connection with an offence, we only do so under a relevant legal obligation.
Biometric data. Any biometric feature offered to customers (for example, app-based recognition used to uniquely identify you) will only operate with your explicit consent and can be switched off at any time. We also process your data by onsite CCTV for safety and security purposes under Legitimate Interests.
4) Where your data comes fromThe data we gather comes from:
- you and your devices/interactions
- manufacturers and their dealer systems
- finance and insurance partners where you ask us to introduce you
- vehicle provenance data providers
- our IT, telephony and CRM suppliers
- public sources
5) Why we use your data and our lawful basesWe use your personal data on the following legal bases:
- Consent – for direct marketing by email or SMS from us or third parties. You can withdraw at any time.
- Contract – to fulfil obligations under contracts with you (e.g., sales, service plans).
- Legitimate Interest – for customer support, marketing relevant to your relationship with us, service reminders, fraud prevention, analysis to improve services, competitions, promotions, and system security.
- Legal Obligation – e.g., to register your car with the DVLA.
- Vital Interest – in urgent safety or product recall situations.
Purpose
| Examples
| Lawful basis
|
Enquiries and quotations
| Responding to web/phone/dealership enquiries; preparing quotes; arranging viewings or vehicle transfers
| Consent; contract; legitimate interests
|
Vehicle sale and handover
| Orders and payments; pre-delivery inspection; delivery/collection; warranty registration; DVLA registration
| Contract; legal obligation
|
Aftersales and service
| Bookings; service/MOT/repairs; parts; warranty/recall admin; goodwill
| Contract; legal obligation; legitimate interests; vital interest
|
Finance introductions
| Gathering application details and passing to selected providers you choose
| Contract; legitimate interests
|
Insurance mediation and add-ons
| Introducing regulated insurance; arranging non-regulated add-ons
| Contract; legal obligation financial conduct authority (FCA); legitimate interests
|
Customer support and dispute resolution
| Handling queries/returns; training and quality assurance
| Legitimate interests; legal obligation
|
Safety and security
| CCTV at premises; fraud prevention; system security
| Legitimate interests; legal obligation
|
Marketing our own products and services
| Email/SMS/post/phone about similar products/services
| Consent; legitimate interests
|
Third-party marketing
| Sharing details with associated partners so they can market to you
| Consent
|
Analytics and non-essential cookies
| Audience measurement; ad tech
| Consent
|
Corporate governance/compliance
| FCA/His Majesty’s revenue and customs (HMRC)/Information Commissioner’s Office (ICO) compliance; audit; responding to lawful requests; enforcing rights
| Legal obligation; legitimate interests
|
6) Marketing, PECR and your choices (Article 21 UK GDPR)You have an absolute right to object at any time to our use of your personal data for direct marketing, including any related profiling. If you object, we will stop without delay.
We send our own marketing by email/SMS either with your consent or, where lawful, under the Privacy and Electronic Communications Regulations soft opt-in for existing customers in relation to similar products and services. You may unsubscribe at any time and all our SMS have a “STOP” functionality. Finally, you can change preferences or object at any time in the
Customer Data Hub, by emailing crm@john-clark.co.uk, or by writing to us.
We action all opt-outs promptly and, in any event, within five working days, though complete cessation across all systems may take slightly longer.
We screen live and automated marketing calls against the Telephone Preference Service (TPS) and Corporate TPS (CTPS) and do not call numbers registered on those services unless you have expressly asked us to call. If you ask us not to call again, we will add your number to our internal do-not-call list.
Changing marketing preferences will not affect service communications (for example, order updates, Service/MOT reminders, invoices, warranty information or safety recalls).
7) Cookies and similar technologiesWe use essential cookies for security and core site functions. We use non-essential analytics and advertising cookies only with your consent, collected through our cookie banner.
8) Credit broking – roles and responsibilitiesWhen you ask us to introduce you to a finance provider, we act as a broker and share relevant application data with selected providers. Those providers are independent controllers for their own decisions and checks (including credit-reference and fraud-prevention agency searches) and will give you their own privacy notices.
9) Who we share your data withWe do not sell your personal data.
We share it only as necessary, under contract and with appropriate safeguards, with:
- vehicle manufacturers
- finance and insurance providers/brokers where you ask for introductions
- payment processors
- IT, hosting, CRM/Dealer Management Systems (DMS) and communications suppliers
- analytics and online advertising processors (with consent)
- professional advisers
- authorities and regulators
- other companies within our group for administrative purposes.
We share personal data, where necessary, with vehicle manufacturers, finance companies, warranty and insurance providers, dealer management system (DMS) providers, IT and hosting providers, payment processors, marketing agencies, and our professional advisers (including legal, audit and accounting services).
We will only share information that is necessary for the relevant purpose. A current list of our data processors and key partners is available on request.
10) International data transfersSome suppliers are located or process data outside the UK. Where the destination benefits from a UK adequacy regulation, we rely on that. Otherwise, we use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, complete transfer risk assessments and apply measures such as encryption at rest and in transit.
11) How long we keep your dataWe apply storage-limitation principles with objective retention triggers. We delete or irreversibly anonymise data once the relevant period expires.
- Vehicle sales and aftersales records (including invoices, warranties, service/MOT records): up to 7 years from last transaction for tax/accounting and product-liability purposes.
- Complaints and dispute files: 6 years from closure (longer if litigation is reasonably contemplated).
- CCTV footage: approximately 30 days unless needed for an incident.
- Call recordings: 60 days unless needed for training/disputes, then retained with the case file.
- Enquiry records (no subsequent transaction): 36 months from last meaningful interaction, then deletion/anonymisation, unless you withdraw your consent.
- Marketing profiles and preferences: Where you have opted in to receive marketing from us, we may contact you with relevant offers, products or services
We review retention periods periodically and may hold data longer where required to establish, exercise or defend legal claims. We recognise the tension between the data protection principle of storage limitation and various statutory obligations that impose significant retention periods. To resolve this, we retain data for longer durations only when specific UK legislation—such as that governing tax, product liability, or financial regulation—strictly requires us to do so. We prioritise the deletion of data as soon as these statutory time horizons expire.
12) Automated decision-making and profilingWe do not make decisions about you solely by automated means that have legal or similarly significant effects. We do, however, use limited profiling to tailor what we send you, including using automated means. You can object at any time via the Customer Data Hub. Finance providers may use automated decision-making in their credit processes and will explain this in their own notices.
13) SecurityWe use strict security measures and limit access to authorised staff. We have procedures for managing suspected breaches and in the unlikely event will notify you and the ICO where legally required. While no system is perfectly secure, we work to prevent unauthorised access, use, disclosure, alteration or loss.
14) Your rightsYou have rights under data protection law, including to:
- be informed
- access
- rectify
- erase
- restrict processing
- data portability
- object (including an absolute right to object to direct marketing)
- rights relating to automated decision-making
You can exercise these rights via the
Customer Data Hub, by emailing crm@john-clark.co.uk, or by writing to us.
We ordinarily respond within one month and may request identification where necessary. You can complain to the Information Commissioner’s Office (www.ico.org.uk) if you are unhappy with how we handle your data.
15) Links to other websitesOur websites may link to partners, advertisers or affiliates. Their privacy policies apply to their sites—please review them before submitting any personal data.
16) Changes to this noticeWe will update this notice from time to time. The version and effective date are shown at the top. For material changes we will provide a prominent update and, where appropriate, contact you directly.
